Free Malware Removal Forum

Please let me know what this computer is used for; also, do you keep confidential data on it?

Do you have banking or personal information on this computer?

If this is a company computer, then I suggest a clean reformat as the best solution.

The reason why I am asking you these questions is that the last report shows a hidden process, which may mean the presence of an undetected backdoor and rootkit. At this point I can't say what the real threat is, why this process is hidden or what is hiding it. We will do more research, but I would also like you to take your time and read the recommendations below:

1) use a known secure computer to change all of your online passwords
2) contact your bank and credit card company for possible unauthorised transactions

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Post back with new combofix report, gmer report and fresh HijackThis log.
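The hidden-process finding above rests on the idea that a rootkit hides a process from one enumeration path but not from another. As an added illustration, not part of this thread and not GMER's own method, the following PowerShell script lists processes through three independent views and reports PIDs that remain inconsistent across two snapshots; it assumes Windows PowerShell on a system where tasklist.exe is available.

```powershell
# Added example: a crude user-mode cross-view process check.
# Each view uses a different API path; a PID reported by one view and
# missing from another is a discrepancy worth a closer look. This gives
# no kernel-level view and is not a substitute for a rootkit scanner.

function Get-ProcessViews {
    # View 1: .NET / PSAPI enumeration
    $psView  = (Get-Process).Id
    # View 2: WMI (Win32_Process)
    $wmiView = (Get-WmiObject Win32_Process).ProcessId
    # View 3: tasklist.exe, CSV output without header row
    $tlView  = (tasklist /FO CSV /NH |
                ConvertFrom-Csv -Header Name,PID,Session,SessNo,Mem).PID |
               ForEach-Object { [int]$_ }
    @{ PowerShell = $psView; WMI = $wmiView; Tasklist = $tlView }
}

function Compare-ProcessViews {
    param([hashtable]$Views)
    $names = @($Views.Keys)
    foreach ($a in $names) {
        foreach ($b in $names) {
            if ($a -eq $b) { continue }
            # PIDs present in view $a but absent from view $b
            $missing = $Views[$a] | Where-Object { $Views[$b] -notcontains $_ }
            foreach ($id in $missing) {
                [pscustomobject]@{ PID = $id; SeenBy = $a; MissingFrom = $b }
            }
        }
    }
}

# Two snapshots a few seconds apart: a PID flagged in both is interesting,
# a PID flagged only once is usually a process that started or exited
# between the API calls (the main source of false positives here).
$first  = Compare-ProcessViews (Get-ProcessViews)
Start-Sleep -Seconds 3
$second = Compare-ProcessViews (Get-ProcessViews)
$stable = $first | Where-Object { $p = $_.PID; $second | Where-Object { $_.PID -eq $p } }
if ($stable) { $stable | Format-Table -AutoSize }
else { "No persistent cross-view discrepancies." }
```

Run it from an elevated prompt so all three views can see every process; a persistent discrepancy is a reason to run a proper rootkit scan, not proof of one.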

Your file (hgdebx.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (CICnt5.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

My family uses the same computer, we have other ones but this is the main computer. Mostly on my desktop I have my passwords stored and on sites such as Amazon or Fandango we have credit card numbers stored.

I suggest changing all of the passwords using a known secure computer; also contact your bank and credit card company for possible unauthorized transactions. Read my previous post for more information.

Looking at your logs it seems that you are running two antivirus programs at a time. It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to Add/Remove in the Control Panel and remove either Norton or McAfee.

Also, you are using an outdated version of Ewido. Ewido is being sold to Grisoft and the latest version is named AVG Antispyware; therefore, go to Add/Remove in the Control Panel and remove Ewido. I will give you instructions for downloading AVG Antispyware in my next instructions.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

NOTE: if you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the following link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

b.) Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".

AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time. Once the scan is complete do the following:

If you have any infections you will be prompted; then select "Apply all actions".

Next select the "Reports" icon at the top.

Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

SNOWHITE wrote: Looking at your logs it seems that you are running two antivirus programs at a time. It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to Add/Remove in the Control Panel and remove either Norton or McAfee.

I'm not sure which one we purchased or which one is running currently, I will have to check with the family and get back to you. Is there any way to keep both while only running one at a time?

* Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
* AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time. Once the scan is complete do the following:
* If you have any infections you will be prompted; then select "Apply all actions".
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

It listed 13 something infections and everything was fine when I clicked "Apply All Actions" but there was no report to display/save?

ross_rachel4life wrote: I'm not sure which one we purchased or which one is running currently, I will have to check with the family and get back to you. Is there any way to keep both while only running one at a time?

The best would be if you disable one of them. When you find which one you paid for, uninstall the other one; it is not good for the computer to run two antivirus programs, especially when it comes to the combination of Norton and McAfee.

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Step #2

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
* Optionals

Viewpoint Manager (Remove Only) - This program is used to update the Viewpoint Media Player. This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

WildTangent Web Driver - WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.

Please note any other programs that you don't recognize in that list in your next response.

Step #3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older-version Java components and update:

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\Christina\Application Data\ntos.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.

Close OTMoveIt.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #2

* Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.

Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.

Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.

Select the item you wish to remove and click on the RED 'X' icon to delete it. This will open the 'Take Action' window.

Click the 'Start Delete' button to remove the infected file from your computer. Repeat for any other quarantined files you want to remove.

When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

When prompted, place a check in "Delete all offline content", then click OK.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

Go to Tools > Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window. Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

Go to Start > Run, type: cleanmgr and click OK.

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.

* Double click OTMoveIt once again and you should see a CleanUp! button; press that button. You may get a prompt from your firewall that OTMoveIt is trying to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

Run a new scan with Kaspersky and post the scan report back here along with a new HijackThis log. Let me know how the computer is running.